6d6f3667fc34b307338c16be4953043d15dcddcb7c066ae1db1b2c7a3ef26060

Analysis

max time kernel
90s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
25/11/2022, 21:14

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6d6f3667fc34b307338c16be4953043d15dcddcb7c066ae1db1b2c7a3ef26060.exe
Size

36KB
MD5

b5cabdb98720e665df42db5b4f3adabb
SHA1

9b508c09d043d1a5e392085211c8b107eab1183f
SHA256

6d6f3667fc34b307338c16be4953043d15dcddcb7c066ae1db1b2c7a3ef26060
SHA512

10f71e89796c05835a94d98627fbcc9c722183caa310079661a048a7a4c80603065100a85dac188c3ae149233961a52faeb1f88f79c2f2599fc05dc7e31f9e03
SSDEEP

384:b5bxQvdb37VANuHtG9JewdIrPlGAMBcm/sXPGtzlhJK0sfW3NhbxQvd1:tbCF37VAnVIrPlTMSm2qz968vbCT

Score

1^/10

Malware Config

Signatures

Runs ping.exe 1 TTPs 2 IoCs

Remote System Discovery

T1018

pid	Process
1264	PING.EXE
2552	PING.EXE

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1376	6d6f3667fc34b307338c16be4953043d15dcddcb7c066ae1db1b2c7a3ef26060.exe
1376	6d6f3667fc34b307338c16be4953043d15dcddcb7c066ae1db1b2c7a3ef26060.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1376 wrote to memory of 4480	1376	6d6f3667fc34b307338c16be4953043d15dcddcb7c066ae1db1b2c7a3ef26060.exe	87
PID 1376 wrote to memory of 4480	1376	6d6f3667fc34b307338c16be4953043d15dcddcb7c066ae1db1b2c7a3ef26060.exe	87
PID 1376 wrote to memory of 4480	1376	6d6f3667fc34b307338c16be4953043d15dcddcb7c066ae1db1b2c7a3ef26060.exe	87
PID 4480 wrote to memory of 1264	4480	cmd.exe	89
PID 4480 wrote to memory of 1264	4480	cmd.exe	89
PID 4480 wrote to memory of 1264	4480	cmd.exe	89
PID 4480 wrote to memory of 2552	4480	cmd.exe	90
PID 4480 wrote to memory of 2552	4480	cmd.exe	90
PID 4480 wrote to memory of 2552	4480	cmd.exe	90

C:\Users\Admin\AppData\Local\Temp\6d6f3667fc34b307338c16be4953043d15dcddcb7c066ae1db1b2c7a3ef26060.exe
"C:\Users\Admin\AppData\Local\Temp\6d6f3667fc34b307338c16be4953043d15dcddcb7c066ae1db1b2c7a3ef26060.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1376
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ab9951.bat
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4480
- - C:\Windows\SysWOW64\PING.EXE
    PING www.google.com
    3⤵
    - Runs ping.exe
    PID:1264
- - C:\Windows\SysWOW64\PING.EXE
    PING www.google.com
    3⤵
    - Runs ping.exe
    PID:2552

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ab9951.bat

Filesize
210B

MD5
122f4063a3217c6d6ec6849d31ca7e47

SHA1
0d2e0caac2a2019d3484a68d937691ae0cfd8390

SHA256
592dd2a01eeec99c062673ff5dff2c480229989043cab5fff0d62d6bd609d2e8

SHA512
15ff4b41e3057cd22d6e5065efd86a09395bad741469d287139e29596177bcaa81f091bdc7c436e40d03fcd03e6aa2c5a1bd55a3d56e4b0ba4f6a69056c36187

Download Submit